DMARC Record Validator

Instant DMARC DNS record lookup & validation


About DMARC Record Validator

Enter any domain to retrieve and analyze its DMARC (Domain-based Message Authentication, Reporting & Conformance) DNS record. The tool fetches the _dmarc TXT record via DNS over HTTPS, parses every DMARC tag (v, p, sp, rua, ruf, pct, adkim, aspf, fo, rf, ri), validates syntax, flags common misconfigurations, and provides a plain-English explanation of each setting. Ideal for email deliverability auditing, security compliance, and DNS troubleshooting.

DMARC Record Validator Features

  • Live DNS lookup via DoH
  • Full tag parsing (v, p, sp, rua, ruf, pct, adkim, aspf)
  • Plain-English explanations
  • Misconfiguration warnings
  • No API key required

DMARC is one of the three pillars of email authentication (along with SPF and DKIM) and is critical for preventing email spoofing, phishing, and brand impersonation. The DMARC Record Validator instantly fetches any domain's _dmarc TXT record from DNS over HTTPS (powered by Cloudflare — free, no API key), parses every DMARC tag, validates syntax, and explains each setting in plain English. Whether you're debugging email deliverability issues, auditing DNS security for a client, or setting up DMARC for the first time, this tool gives you a complete analysis in seconds.

How to Use the DMARC Record Validator

Checking a domain's DMARC record is instant:

Enter a domain. Type any domain name (e.g., gmail.com, yourdomain.com) into the input field. You don't need to include _dmarc. — the tool prepends it automatically.

Click Validate. The tool queries Cloudflare's DNS over HTTPS API for the _dmarc.yourdomain.com TXT record. Results appear in under a second.

Review the analysis. Each DMARC tag is displayed with its raw value, a plain-English explanation, and a status indicator (valid, warning, or error). Common issues like missing rua reporting addresses or overly permissive p=none policies are flagged with actionable recommendations.

Key features:

  • Live DNS lookup — real queries, not cached data
  • Full tag parsing — v, p, sp, rua, ruf, pct, adkim, aspf, fo, rf, ri
  • Validation warnings — detects missing tags, invalid values, and weak policies
  • No API key needed — runs entirely client-side via Cloudflare DoH

DMARC Tags Explained

A DMARC record is a DNS TXT record with semicolon-separated tags. Here's what each one means:

  • v=DMARC1 — Version identifier. Must be the first tag and must equal DMARC1.
  • p= — Policy for the domain. Values: none (monitor only), quarantine (mark as spam), reject (block entirely). reject is the strongest protection.
  • sp= — Subdomain policy. Same values as p. If absent, subdomains inherit the domain policy.
  • rua= — Aggregate report recipients. Comma-separated mailto: addresses that receive daily XML reports.
  • ruf= — Forensic report recipients. Individual failure reports (less commonly used due to privacy concerns).
  • pct= — Percentage of messages subject to the policy (1–100). Default is 100. Useful during rollout.
  • adkim= — DKIM alignment mode. r (relaxed, default) or s (strict).
  • aspf= — SPF alignment mode. r (relaxed, default) or s (strict).
  • fo= — Failure reporting options. Controls when forensic reports are generated.
  • ri= — Reporting interval in seconds (default 86400 = 24 hours).

DMARC Best Practices

Follow these recommendations for maximum email security:

  • Start with p=none — Deploy DMARC in monitor mode first. Add rua addresses to collect aggregate reports and analyze which services send email on your behalf.
  • Progress to quarantine, then reject — Once you've confirmed all legitimate senders pass SPF/DKIM alignment, tighten the policy progressively.
  • Always include rua — Without aggregate reporting, you're flying blind. Use a DMARC report analyzer to process the XML data.
  • Set pct=100 — A percentage below 100 means a portion of failing emails will bypass your policy. Only use lower values during initial rollout.
  • Don't forget subdomains — Set sp=reject to prevent attackers from spoofing subdomains you don't use for email.
  • Pair with SPF and DKIM — DMARC relies on SPF and DKIM alignment. Ensure both are correctly configured before enforcing a DMARC policy.
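
The tag rules and best-practice checks above, as an added example (not this tool's own code): a parser that splits a record into tags and reports errors and warnings. The function names are hypothetical, the sample record is constructed, and it assumes the TXT data arrives as one or more quoted strings, as in a DoH JSON answer.

```javascript
const POLICIES = ['none', 'quarantine', 'reject'];   // weakest to strongest

// TXT data may arrive as several quoted strings; unquote and join them.
function unquoteTxt(data) {
  const parts = data.match(/"(?:[^"\\]|\\.)*"/g);
  if (!parts) return data.trim();
  return parts.map(s => s.slice(1, -1).replace(/\\(.)/g, '$1')).join('');
}

// Split "tag=value; tag=value" into ordered [tag, value] pairs.
function parseDmarc(record) {
  return record.split(';').map(s => s.trim()).filter(Boolean).map(s => {
    const eq = s.indexOf('=');
    return eq < 0 ? [s.toLowerCase(), '']
                  : [s.slice(0, eq).trim().toLowerCase(), s.slice(eq + 1).trim()];
  });
}

function checkDmarc(txtData) {
  const tags = parseDmarc(unquoteTxt(txtData));
  const get = name => (tags.find(([k]) => k === name) || [])[1];
  const errors = [], warnings = [];
  if (tags[0]?.[0] !== 'v' || tags[0][1] !== 'DMARC1') errors.push('v=DMARC1 must be the first tag');
  const p = (get('p') || '').toLowerCase();
  if (!POLICIES.includes(p)) errors.push('p is missing or not none/quarantine/reject');
  else if (p === 'none') warnings.push('p=none only monitors; failing mail is still delivered');
  const sp = get('sp');
  if (sp !== undefined) {
    const rank = POLICIES.indexOf(sp.toLowerCase());
    if (rank < 0) errors.push('sp is not none/quarantine/reject');
    else if (rank < POLICIES.indexOf(p)) warnings.push('sp is weaker than p');
  }
  const rua = get('rua');
  if (!rua) warnings.push('no rua: no aggregate reports will be received');
  else if (!rua.split(',').every(u => /^mailto:[^\s@]+@[^\s@]+$/i.test(u.trim())))
    warnings.push('rua contains an entry that is not a mailto: address');
  const pct = get('pct');
  if (pct !== undefined) {
    if (!/^\d{1,3}$/.test(pct) || Number(pct) > 100) errors.push('pct must be an integer from 0 to 100');
    else if (Number(pct) < 100) warnings.push(`pct=${pct}: policy covers only part of failing mail`);
  }
  for (const t of ['adkim', 'aspf'])
    if (get(t) !== undefined && !/^[rs]$/i.test(get(t))) errors.push(`${t} must be r or s`);
  return { tags: Object.fromEntries(tags), errors, warnings };
}

// Constructed sample: one record split across two quoted strings.
const SAMPLE = '"v=DMARC1; p=quarantine; sp=none; pct=50; " "rua=mailto:dmarc@example.com; adkim=x"';
console.log(checkDmarc(SAMPLE));
```

For the constructed sample this reports one error (the invalid adkim value) and two warnings (sp weaker than p, and pct below 100).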

Step-by-Step Instructions

  1. Enter a domain name (e.g., gmail.com) in the input field.
  2. Click 'Validate DMARC' to fetch the DNS record.
  3. View the raw DMARC TXT record retrieved from DNS.
  4. Review each parsed tag with its value and plain-English explanation.
  5. Check for validation warnings or errors flagged by the analyzer.
  6. Use the recommendations to fix any misconfigurations.

DMARC Record Validator — Frequently Asked Questions

What is DMARC and why does it matter?

DMARC (Domain-based Message Authentication, Reporting & Conformance) is an email authentication protocol that protects your domain from being used in phishing and spoofing attacks. It builds on SPF and DKIM by telling receiving mail servers what to do when authentication fails — monitor, quarantine, or reject the message. Without DMARC, anyone can send email that appears to come from your domain.

How does this tool look up DMARC records?

The tool queries Cloudflare's public DNS over HTTPS (DoH) API to fetch the TXT record at _dmarc.yourdomain.com. This is the same data any email server would see. The query runs entirely in your browser — no data is stored or sent to any third-party server beyond the DNS lookup.

What does 'p=none' mean in a DMARC record?

A policy of 'none' means the domain owner is in monitoring mode — receiving mail servers should deliver failing messages normally but send reports to the addresses in the 'rua' tag. This is typically the first step in DMARC deployment. For actual protection against spoofing, you should eventually move to 'quarantine' or 'reject'.
